After installing and configuring an integration, you need to map their fields to Chronicle SOAR  fields in order to show the information in the platform.

When configuring the Elasticsearch Connector, we need to “convert” or map the custom date time such as _source_@timestamps field to startTime and endTime of Siemplify cases.

1. Navigate to Settings > Ontology > Ontology Status.
2. Click the Configure icon in the same row as the Elasticsearch connector.
3. In the Event Configuration page, select the Mapping screen on the left hand side.
4. In the System Fields, select the Start Time row and click the Edit icon. The Map Target Field:StartTime screen opens.
5. In the Map Target Field: Start Time area:
   1. Select the extracted Field to be the _source_@timestamp which is from EK stack.
   2. In the Transformation Function field use FROM_CUSTOM_DATETIME
   3. In the transformation parameters use YYYY-MM-DDTHH:MM:SS:zzzZ.
6. In the Map Target Field: End Time area:
   1. Select the extracted Field to be the _source_@timestamp which is from EK stack.
   2. In the Transformation Function field use FROM_CUSTOM_DATETIME
   3. In the transformation parameters use YYYY-MM-DDTHH:MM:SS:zzzZ. This is to generalize the time format.
7. Click Save.

The Elasticsearch timestamp fields are now converted to the standardized time and date fields as can be seen in the screenshot below.